2.0.2 Update A Dud?

Author: BigBoss  //  Category: iPhone

Right. So everyone is plenty excited to update to 2.0.2 to fix all those nasty bugs in 2.0 and 2.0.1 right? Well don’t bother. As far as I can tell it fixes nothing… unless you are on a 3g.

Before I say any more, I will say that the 3g baseband update to 2.08 provided me with a significant increase in signal bars for EDGE. I still cannot get 3g in my office, but my EDGE went from 2 bars to 5. If you have a 3g device, I suspect this, alone, is worth the update. Note though, the baseband update will probably neuter your ability to unlock with the upcoming unlocker from the dev team. Another benefit I noted is that 3g to EDGE fallback can now occur without losing service, which is nice if you’re on a call and it switches during your call.

Now then. The official release notes for the 2.0.2 firmware say “bug fixes”. So what bugs are fixed?

Reports on the internet say these bugs are fixed:

Sync time: Sync time with appstore apps takes forever. And I mean in the range of 1-2 hours. Anyways, this is not changed in 2.0.2. The sync time is still horrible.

Stability: So far, 2.0.2 has crashed for me more times than 2.0 and 2.0.1 combined. In fact, the device managed to crash just sitting idle doing nothing! I mean literally the iPhone was in the dock and a few minutes later, apple logo and rebooting. App crashes have actually increased since the update. I have two devices updated and both exhibit the same behavior. If you are looking for increased stability, stay put: 2.0.2 does not provide it.

Contacts Lag: I never saw contacts lag in the first place and I still don’t see it now. Perhaps that is because I’m a hermit and don’t have enough contacts :)

Signal Bars: Ok significant gain due to 2.08 baseband for 3g. If you have a 2g, you do not get a baseband update and there will be no change here. This means if you were unlocked on 2g you will still be after the upgrade. When pwnage comes out, upgrading with pwnage will disable the baseband update (most likely) and you will not benefit from this.  I am not sure if I get 3g from more locations around town or not though. I will take my iPhone out for a drive and test it. Update: I actually do get 3g more than I did on 2.0.1, but the same as I got on 2.0. 2.0.1 really was horrible for the 3g baseband.

AppStore / Cydia Lag: This is the most ridiculous bug and it’s still not fixed. Want to reproduce it easily? Install “Platinum Sudoku” followed by “Super Monkey Ball” and good luck ever installing anything from Cydia or AppStore again. It’s not as bad if you avoid the above two app installs, but it still is a pain in the back side. This is still not fixed. Our only hope is that Saurik can neuter this in Winterboard/ Mobile Substrate.

Mail Sync: As always, my mail crashed after I restored my backup just like on 2.0, 2.0.1 etc. I can’t believe Apple would allow this problem to continue. Anyways, BossPrefs ‘fix user dir permission’ solves the problem. I guess it’s another example of how the hacking community managed to fix one of Apple’s bugs. For those that don’t jailbreak? Well, I guess you can’t restore your backup.

Quick Pwn GUI Guide

Author: BigBoss  //  Category: Apps, Guides, iPhone

For those of you that like quickpwn but want a GUI, there is one now. Here is a guide on how to use it. Before getting started, understand who this is for.

Who should use this tool? This is for those that are not planning to restore. It’s not clear what the activation state is after the process; therefore, I only recommend this for those that have a contract carrier or an unlocked phone already. This is also perfect for those that pwned and did not install Cydia, as it will result in Cydia being installed. If you are on a 2g and need to unlock, you can do so with bootneuter, but this will not activate for you. If you are on a stock device and using AT&T or a contract carrier, this is the perfect jailbreak for you. You will not lose your contacts or have to do any backups. Finally, if you are going to restore anyway, especially if you need to unlock a 2g, you may as well use winpwn or such.

Step 1: Download quickpwn gui and extract it. For this guide, we will use c:\quickpwn.

Step 2: Load iTunes and make sure it sees your phone. Leave iTunes running and do not touch it again.

Step 3: Download the proper firmware image (see firmwares page here for firmware of your choice). Save this image in the same folder with the quickpwn.exe file. For our example we will use c:\quickpwn. Your folder should now contain quickpwn.exe and the firmware image side by side.

Step 4: Launch quickpwn GUI.

Step 5: Select your device and hit the arrow at the bottom of the window.

Step 6: Click Browse, navigate to your c:\quickpwn folder and select your firmware. Once the firmware shows in the window, click the blue arrow.

Step 7: At the next screen, you are prompted to choose Cydia and Installer. Both are selected by default. You must select Cydia or your jailbreak will be useless. Installer is not a replacement for Cydia, is not ready, and has almost no packages. In addition, there is still a huge buglist in installer. In short, choose Cydia. This shouldn’t even be a choice. Select Cydia. Select installer if you want to but don’t forget Cydia. Note, you can also select to replace your bootlogos here if you wish.

Step 8: Click “Go”

Step 9: Wait while the tool works through its steps. When it is ready, you will be prompted to turn off your phone and press enter when you have done so.

Step 10: As it says on screen, turn off your phone by holding power, sliding to power off, and waiting for it to power off. Do not take the phone off the pc connection! If you do, you must start over.

Note: If you are being asked “Is your iPhone/iPod connected to your computer via USB” it is because you did not load iTunes and let it see your phone before starting. At this point it’s too late and you must start back at step 8.

Step 11: In this next step we need to get our phone into DFU mode so it can be pwned. If you have any problems following the onscreen instructions, then refer to this DFU guide. The program will help you through the steps but it often takes multiple attempts to get into DFU mode. And, if you fail to get into DFU mode, the app quits and you must start over at step 8.

Therefore, I recommend that you get into DFU mode before hitting ENTER. Read the DFU guide link and press enter when you are in DFU mode. Then ignore the directions on the screen until it recognizes your phone is in DFU mode. When you are in DFU mode, the app should automatically take over. Wait a bit for the process to finish, and congratulations! You are done.

Step 12: Optional, 2g phone only. If you need to unlock your phone, install bootneuter from Cydia and run it! Select “neuter, unlock, do not change bootloader settings, and then flash!”.

iPhone 2.0.2 is out

Author: BigBoss  //  Category: iPhone, jailbreak

iPhone firmware 2.0.2 is out. But as always, do not update until we get word on a jailbreak. You can get the firmware files from our firmware links here.  The changelog officially only says “Bug Fixes”.

2.0 Problems and Solutions

Author: BigBoss  //  Category: General, Guides, iPhone, jailbreak

There have been many comments on various issues with the 2.0 and 2.0.1 upgrades, and many questions have been answered numerous times. I am adding a summary of a lot of the problems and solutions in this post for reference. I can also update it over time if we need it.

Problem: Mail App crashes after my update.
Solution: This is caused by the sync of the backup from iTunes. The permissions on the mail folder are incorrect (it’s owned by root). The easiest fix is to run bossprefs, click more, and click “fix user dir permissions”. You may need to reboot.
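The fix above amounts to finding everything under the mobile user’s home that the backup restore left owned by root and giving it back to mobile. Here is an added shell example of that check and fix, not BossPrefs’ own code. It assumes the 2.0 user is “mobile” with uid and gid 501 and home directory /var/mobile, and that you run it as root over SSH; both are passed in as parameters so the dry run and the fix operate on exactly the same set of files.

```shell
# Added example: report and repair files under the mobile user's home that
# are not owned by the mobile user. Assumption: on iPhoneOS 2.0 the user is
# "mobile", uid 501, gid 501, home /var/mobile. Run as root.

# Print every path under $1 whose owner is not uid $2 (dry run).
list_wrong_owner() {
    dir=$1
    uid=$2
    find "$dir" ! -user "$uid" -print
}

# How many such entries exist, so a script can decide whether to act.
count_wrong_owner() {
    list_wrong_owner "$1" "$2" | wc -l | tr -d ' '
}

# Chown only the offending entries rather than the whole tree, so the dry
# run and the real change cover the same files.
fix_wrong_owner() {
    dir=$1
    uid=$2
    gid=$3
    find "$dir" ! -user "$uid" -exec chown "$uid:$gid" {} +
}

# On the device:
#   list_wrong_owner /var/mobile 501          # see what the restore broke
#   fix_wrong_owner  /var/mobile 501 501      # then reboot or relaunch Mail
```

Run the listing first; if Mail’s data directory shows up owned by root, the fix will take it back, and a reboot afterwards matches what BossPrefs recommends.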

Problem: I have AT&T or a contract carrier. I jailbroke with your guide and now I have no service.
Solution: You activated and you shouldn’t have. iTunes will activate for you but because you clicked the activate button, iTunes did not get to activate. Now your account is not validated. You need to redo the steps and not check activation on your image.

Problem: I have an unlocked 2g phone. I updated to 2.0. Now I get incorrect SIM.
Solution: You did not activate and unlock. Redo the steps and make sure you activate and unlock. In winpwn, this is “activate” and configure boot neuter on the last tab. (See my guide). On osx, this is saying “I am not legit” when asked in pwnage.

Problem: Winpwn IPSW will not complete. It just errors out.
Solution: This one is caused because the size of the image is larger than the partition space. Generally resizing the partition to 550 MB solves it.

Problem: I cant restore my custom firmware. I just get error 6, 1, 2, (something low).
Solution: This has multiple causes. Generally, you are not in DFU mode. See DFU guide. Winpwn solution after ruling out the above: Delete the device file (x12220000_4_Recovery.ipsw) in your iTunes folder. (Search for the file). This can also be caused by using the incorrect firmware image (a 3g on a 2g for example).

Problem: My appstore apps are all crashing.
Solution: Sync them back on using iTunes. Should solve it. If not, uninstall them all then sync them on with iTunes.

Problem: I already restored my backup but iTunes keeps telling me I need to restore my backup.
Solution: See my post on this.

Problem: My installer has (insert problem here).
Solution: Installer 4 is not ready for use. See my post on it. Use Cydia.

Problem: I did not install Cydia and installed only installer. I can’t install Cydia or any apps now.
Solution: Redo the pwning with Cydia in the image. (Yes, start over).

Problem: Cydia just crashes when I load it. I can’t get it to work at all. Cydia sucks!
Solution: Your pwnage install is corrupted. See this post on it.

Problem: In pwnage, I can’t download any of your packages.
Solution: Yes, only telesphoreo works. Skip this and install them from Cydia afterwards.

Problem: I have a 2g iPhone and need it unlocked. All the bootneuter settings are greyed out and I can’t select anything. Why?
Solution: You selected a 3g firmware on your 2g iPhone. Download the correct firmware and start again.

Problem: After installing an app, I get a spinning wheel for a long time.
Solution: SpringBoard for 2.0 sucks. It may take 5-10 minutes in some cases to add a new app. There is no solution but to wait it out.  This is much worse on appstore apps once you get a load of them. See this post.

Problem: I am in DFU mode and I just get error 1604, 1602, 1601 (some 160x). I am pulling my hair out! What do I do?!
Solution: This one sucks. There’s no single answer for it. Here are some possible suggestions:

  1. Using winpwn, the #1 cause of this error is you forgot to pwn your phone using the ipwner button! See step #10 in the winpwn guide. (Thanks Jason).
  2. Validate you are using the correct firmware. You can get this if you are using an incompatible firmware (3g for 2g for example).
  3. Restart your computer and try again.
  4. Try another computer
  5. Try switching USB ports
  6. Uninstall and reinstall iTunes 7.7
  7. Use recovery mode rather than DFU mode (try both).
  8. Try using a *stock* unmodified image, restore to that, then, once that works proceed to custom images.

iTunes Backup Issues

Author: BigBoss  //  Category: General, iPhone, jailbreak

Yea, so you updated to 2.0.2 and hooked up to iTunes. Everything seemed to be going well, you thought. It found your backup and asked you to restore it. Phew, you won’t have to reenter your contacts so you’re happy. You restore your backup and it’s working.

Later you hook up to iTunes to add some songs and it is asking you again: do you want to restore your backup or set up as a new phone? What the heck? Didn’t we already do this? This seems to be happening to lots of folks. The solution is simple.

To solve this, after you do your initial backup restore, just set up the phone as new. It shouldn’t ask you again after this. You won’t lose your contacts either because you already synced them on from the first backup restore.

Update: User haseebh2O has offered another solution. Uninstall iTunes, restart the PC, install iTunes 7.7, restore your backup again. It should stop asking.

3g Tethering iPhone Power Woes

Author: BigBoss  //  Category: iPhone, jailbreak

So I went on a trip and thought I would try some tethering with my 3g iPhone. First, I must say the tethering works great. I was able to download and install iTunes on my pc at about 120KB/sec! I was thrilled. However, most places had WiFi so I did not really need to tether.

The problems started on the last night of my trip. I stayed at a place with no WiFi, but my 3g was at 5 bars. So I started up the tethering apps and got in. After a few hours, I noticed that my iPhone was only at 50% charge. This seemed odd to me because I was plugged into the USB port charging the whole time. I thought that perhaps the USB was not providing enough power, so I moved the charger to the wall and continued my work. Checked up on it around 30 minutes later and it was now at 40% charge. Bottom line: iPhone tethering uses more power than charging circuitry can provide! Even powered, I am able to get about 4 hours at best. Finally, I had to disable the 3g and tether EDGE which allowed me to stay about even. Now, it’s possible some other stuff was going on and I will look into this possibility. However, be warned. Tethering uses a lot of power!

For those that are interested in how the tether was performed, I will produce a guide in our guides section on it shortly.

Dev Team Member Speaks on Pwnage

Author: BigBoss  //  Category: iPhone

Pumpkin from the iPhone Dev Team posted his thoughts. I found it interesting and posted it here for you all to read. It does a nice job explaining the situation with Zibri as well as how pwnage and iPhone 2.0 hacks work. Enjoy.

The following opinions are mine, and not those of the DevTeam as a whole, although many members agree with me:

Free thoughts…

There’s something that’s been on my chest for awhile, and it’s been bothering others on the team as well. The name of this particular thorn in our sides begins with the letter Z and ends with “ibri”. Yes, I’m sure all of you are rolling your eyes at the “drama” we hacker “kids” are stirring up, but I’m sure if you had your work taken without permission, you would feel the same way. It’s particularly galling that he is still spreading FUD on his blog in an attempt to save face. I’m going to try to address some of them in this post.

Zibri implies that our jailbreak is not “real”, saying instead that our release is a “software upgrade, total internat [sic] firmware modification and custom firmware”.

For him, a “real hack” works in a few minutes because it only needs to modify a few bytes here and there.

When Pwnage 1.0 was released, it was indeed the ultimate hack for the iPhone/iPod Touch. Never before had the devices been under the user’s control from the very bottom up. Prior, less sophisticated jailbreaks were still subject to the whims of the kernel, which couldn’t be modified because the bootloader checked its signature and refused to boot if it was incorrect.

Back in those days, the definition of “hack” above was still a feasible one, as the chain of trust ended at the kernel. Once you gained write access to the root filesystem, you could run arbitrary programs and make patches at will to many system components. Indeed, many such patches were needed, to make activation allow unapproved SIM cards, and to make Springboard display unauthorized apps.

Fast forward back to the present, and you’ll see the situation has changed. Solutions that, using a ramdisk, simply made a change or two to the filesystem now must contend with the mighty kernel’s signature checking of all installed apps and libraries. Mounting the root filesystem and modifying /etc/fstab to make it writable is quite alright, but the moment you make patches for activation or anything else, the kernel will refuse to run the modified programs, unless you can somehow steal Apple’s private signing key. Furthermore, such a jailbreak would be essentially useless because the system would refuse to run any of your custom software (such as Installer.app or Cydia), again because of the lack of signatures on it.

Given the above situation, it becomes clear that if you want to use 2.0 for anything but screenshots, you either need to get ahold of Apple’s signing key (start preparing your army now) or you need to patch the 2.0 kernel. Hard as we tried, we couldn’t find much of an army, so we took the latter approach.

We adapted our Pwnage technique to the 2.0 firmware, using a new unreleased exploit that we’d been keeping to ourselves, in the hope that Apple wouldn’t patch it. This allows us to cut the signature checks out of the device bootloaders, allowing us to remove signature checking from the kernel, and enabling you to run all the custom software and patches you please.

Please note other than my facetious army suggestions, patching the bootloaders is the _only_ way to get a functional jailbreak for 2.0. Under the aforementioned definition of “real hack”, there is no such thing as a “real hack” for 2.0. I hope you agree with me by now that Pwnage, the exploit it uses, and its subsequent obliteration of the device’s chain of trust, is a “real hack”.

More FUD is spread by this undying rumor of “Palladium” (or TPM) being used fully on Apple’s devices, making it impossible for you “to play online with legit buyers.” This is nothing but uninformed nonsense, and while there is the potential for some definition of trusted computing on iPhone and iPod Touch, Apple is not using it, and they have no way to remotely distinguish your pwned device from a legitimately activated one. This should have been obvious from our examples of running App Store applications next to our custom ones, but “obvious” is a very relative term.

On an unrelated note, I and the others take issue with Zibri’s definition of open source. No, Linux distributions are not stealing, but our work was not released as open source, with any kind of permissive license, so the open source he brings into the discussion is entirely irrelevant. He took our work, our private exploits (such as the unreleased one we were able to use for Pwning 2.0), and without our permission (trying to defame us with fake comments, no less) used them in his work, that he made significant amounts of money on. He did this not by selling “his work”, but by portraying himself as the reasonable “dev” who fought against the tyranny of the dev team and Apple, and requesting donations to his “cause” (recall his older iphone-elite.googlecode.com and his self-righteous bashing of the dev team for accepting donations; funny how principles change). Furthermore, with his millions of hits and occasionally obscene ads, he made his site into a complete money machine. So although he did not sell our work, it is more than fair to say that he made plenty of money from it.

And as to his most recent update, I’m not really sure what to say. I’d call it the swan song, but that would imply he was a swan, which is certainly not my intention. Maybe the chicken song would be more appropriate. ZiPhone was “developed” 9 months after the iPhone release, so he’s justifying his lack of releases now, okay. Once again he pushes the “real hack” idea, which we hope we’ve already pounded sufficiently into the ground above. We’re not sure how the fact that we were so popular it took down multiple unmetered gigabit servers is a point in his favor. We’ve had close to a third of his total visits since last week.

I want to dedicate a special paragraph to something that’s been bugging us for a while, too. The myth that ZiPhone never harmed a phone. Certainly, we all know that iPhones are almost impossible to brick, but flashing unmatched fls/eep pairs to the baseband is plain irresponsible on Zibri’s part. Does he not care about messing up phones, or does he simply not know better? And the laughable WiFi fix he released for issues that he called “user error” (actually a consequence of the above design choice) where he unconditionally set every ZiPhone WiFi MAC address to 0:Z:i:b:r:i? How did he expect that to work? It doesn’t take a networking genius to figure out that two such phones on the same network would cause havoc, and indeed it did.

The following few “facts” on his blog are just more FUD. Our tools can’t kill iPhones, because the only way to kill an iPhone through software (and even then just the radio) is to flash an incomplete image as the S-Gold bootloader. Apple cannot remotely kill pwned iPhones because as I mentioned earlier, it has no way to detect which iPhones are pwned.

I’m not sure why he goes on to say that you should be satisfied with Apple’s AppStore. It certainly contains many good programs, but to quote Zibri just a couple of weeks earlier:

As of today you will have 2 choices:
1) Believe in the community and don’t upgrade to 2.0
2) Say goodbye to Installer and freedom and upgrade.

So are you suggesting we say goodbye to freedom now? I guess we can’t expect much from someone who made a reputation for himself by denouncing the devteam for accepting donations (not even soliciting them) and who now has a website full of ads, exhortations to donate, and very little content? Now we have given you a nice opportunity to upgrade to 2.0, use the AppStore _and_ use community apps. If he really wanted the good of the community, why is he not recommending it?

I would normally just ignore his entries, but as many still look at Zibri as an authority in the scene, I felt the need to dispel some of the FUD he was spreading, and finally denounce his pathetic attempts to stay relevant. Posting the latest root filesystem key after we release PwnageTool? PwnageTool exposes all the keys right within its plist files. And if he knew about the DFU exploit all along, as he implies, why didn’t he take advantage of it? We would like to see him write up an article on how it all works, just to prove that Zibri knows all.

Thank you for your patience reading this. We will continue working hard on providing quality hacks and software, but please, to anyone who’s tempted, stop spreading bullshit about us and our work.
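Pumpkin’s post argues from the shape of the chain of trust: on 1.1.x the chain ended at the kernel, so write access to the root filesystem was enough; on 2.0 the kernel refuses unsigned binaries, a patched kernel fails iBoot’s signature check, and only removing the bootloader’s check lets a patched kernel boot. The following Python model is an added illustration of that reasoning, not Dev Team or Apple code. A keyed HMAC-SHA256 stands in for the RSA signatures the real boot ROM, iBoot and kernel check; the stage names and image contents are assumptions of the model; and the exploit that cuts the check out of the bootloader is represented only by a flag, not implemented.

```python
"""Toy model of the boot chain of trust described in the post above.

Added illustration, not Dev Team or Apple code. A keyed HMAC stands in for
the real signatures so the model runs offline; the bootloader exploit is
represented by the bootloader_checks flag only. Stage names and image
contents are assumptions of the model.
"""
import hashlib
import hmac

VENDOR_KEY = b"vendor-private-key"    # the key the jailbreaker does not have
ATTACKER_KEY = b"not-the-vendor-key"  # what an unsigned app is "signed" with


def sign(key, image):
    return hmac.new(key, image, hashlib.sha256).digest()


def check(key, image, sig):
    return hmac.compare_digest(sign(key, image), sig)


def build_device(kernel_checks_apps):
    """A stock device: iBoot, a kernel, and one vendor-signed app."""
    iboot = b"iBoot"
    kernel = b"kernel:check_apps=%d" % int(kernel_checks_apps)
    return {
        "iboot": (iboot, sign(VENDOR_KEY, iboot)),
        "kernel": (kernel, sign(VENDOR_KEY, kernel)),
        "apps": [(b"MobileMail", sign(VENDOR_KEY, b"MobileMail"))],
    }


def install_unsigned_app(device, name):
    """Write a third-party app to the filesystem; it cannot carry a vendor signature."""
    device["apps"].append((name, sign(ATTACKER_KEY, name)))


def patch_kernel(device):
    """Flip the kernel's code-signing switch; the old signature no longer matches."""
    image, sig = device["kernel"]
    device["kernel"] = (image.replace(b"check_apps=1", b"check_apps=0"), sig)


def boot(device, bootloader_checks=True):
    """Walk the chain: boot ROM -> iBoot -> kernel -> apps.

    Returns the apps the kernel lets run, or raises RuntimeError when a stage
    refuses the next one.
    """
    iboot, iboot_sig = device["iboot"]
    kernel, kernel_sig = device["kernel"]
    if bootloader_checks:
        if not check(VENDOR_KEY, iboot, iboot_sig):
            raise RuntimeError("boot ROM rejected iBoot")
        if not check(VENDOR_KEY, kernel, kernel_sig):
            raise RuntimeError("iBoot rejected kernel")
    kernel_checks_apps = kernel.endswith(b"check_apps=1")
    running = []
    for name, sig in device["apps"]:
        if kernel_checks_apps and not check(VENDOR_KEY, name, sig):
            continue  # 2.0 kernel: unsigned binary refused
        running.append(name.decode())
    return running


def scenarios():
    """The four situations the post walks through."""
    out = {}

    # 1.1.x: the chain ends at the kernel, so write access to / is enough.
    d = build_device(kernel_checks_apps=False)
    install_unsigned_app(d, b"Cydia")
    out["1.x unsigned app"] = boot(d)

    # 2.0 stock: the kernel refuses anything without a vendor signature.
    d = build_device(kernel_checks_apps=True)
    install_unsigned_app(d, b"Cydia")
    out["2.0 unsigned app"] = boot(d)

    # 2.0 with only the kernel patched: iBoot's check catches it.
    d = build_device(kernel_checks_apps=True)
    install_unsigned_app(d, b"Cydia")
    patch_kernel(d)
    try:
        boot(d)
        out["2.0 patched kernel"] = "booted"
    except RuntimeError as err:
        out["2.0 patched kernel"] = str(err)

    # 2.0 with the bootloader check removed (the Pwnage approach) and the
    # kernel patched: unsigned apps run next to vendor-signed ones.
    d = build_device(kernel_checks_apps=True)
    install_unsigned_app(d, b"Cydia")
    patch_kernel(d)
    out["2.0 pwned"] = boot(d, bootloader_checks=False)
    return out


if __name__ == "__main__":
    for case, result in scenarios().items():
        print(f"{case}: {result}")
```

The last scenario is also why the post says Apple cannot tell a pwned device apart remotely in this model: once the patched kernel is running, the App Store app and Cydia are both just processes the kernel lets run, and nothing in that list records how the check was removed.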

Pwnage 2.0 (2.0 jailbreak) is out

Author: BigBoss  //  Category: iPhone

Pwnage 2.0 is out. You can get it here. Tutorial soon to follow.

Update: I am mirroring the download here.

Reminder: as of right now, there are no apps out for 2.0. Over the next few days some will come out. So do not update yet if you have some favorite 1.1.x apps you are using! 2.0 will not run 1.1.4 apps!